RapidIdentity Product Guide

Roles

The Roles functionality in the Configuration > Security module gives administrators a way to assign system roles/permissions in RapidIdentity to members of particular LDAP groups.


To change an existing role assignment, click the magnifying glass in the field that contains the group's DN.


This opens the file tree of the LDAP browser, which can be used to find Group objects.


Note

After any changes have been made to System Roles, log out and log back in for them to take effect.

System Roles Defined

RapidIdentity uses Roles to manage access and authorization across modules and their respective components. They can be viewed as labels for directory groups that share similar privileges.

Table 84. Roles

Module / Role / Privileges

Applications

Portal Applications Admin

  • Can see all Applications module information

  • Can bookmark and view owned applications using category filters

  • Can manage Application Categories

Portal Applications Helpdesk

Currently no effect in the new UI

Connect

Connect Admin

  • Can see all Connect module information

  • Can do all things related to files, jobs, logs, and status

  • Can do all things related to action sets

  • Can do all things related to RESTPoints, OAuth1, and OAuth2 through the module settings

Note

The System Admin and Tenant Admin roles have these privileges as well.

Connect Auditor

  • Can view and export files, jobs, and logs

  • Can view and export action sets

  • Can view details of existing RESTPoints, OAuth1 Consumers, and OAuth2 Credentials

Connect Operator

  • Can see all Connect module information

  • Can do all things related to files, jobs, logs, and status

  • Can view, export, and run Action Sets

  • Can view details of existing RESTPoints, OAuth1 Consumers, and OAuth2 Credentials

Dashboard

Portal Dashboard Admin

Can see all Dashboard module information and can edit graph configuration

Portal Dashboard Viewer (Summary & Details)

  • Can view the Executive Summary graphs, details, and bookmarked applications on the main screen only

  • User activity can be viewed in the Activity drop-down of the Notification bar

Note

This Role is not currently being utilized in the new user interface.

Portal Dashboard Viewer (Summary only)

  • Can view the Executive Summary graphs, details, and bookmarked applications on the main screen

  • User activity can be viewed in the Activity drop-down of the Notification bar

Note

This Role is not currently being utilized in the new user interface.

Portal Dashboard Viewer (Executive)

  • Can view the Executive graphs and bookmarked applications on the main screen only

  • User activity can be viewed in the Activity drop-down of the Notification bar

Files

Portal Files Admin

  • Can see all file shares, edit general module settings, and manage file shares

Folders

Folders Admin

  • Can see all information

  • Can create, edit, prioritize, and delete policies and templates

  • Can add users and groups to Backlog

  • Can clear Backlog problem queue

Folders Operator

  • Can see all information

  • Can view policies and templates

  • Can add users and groups to Backlog

  • Can clear Backlog problem queue

Folders Auditor

  • Can see all information, but cannot make changes

People - Profiles

Portal Profiles Admin

  • Can see all People module information

  • Can reset verification methods if the delegation allows

  • Can add/edit delegations and attributes from the People module's settings

  • Can delete, clone, and reorder delegations from the People module's settings

  • Can edit, enable, disable, print, unlock, and export user profiles

  • Can view users' Helpdesk verification questions

Portal Profiles Helpdesk

  • Can edit, enable, disable, print, unlock, and export user profiles

  • Can reset verification methods if the delegation allows

  • Can view users' Helpdesk verification questions

People - Sponsorship

Portal Sponsorship Admin

  • Can access the module's general settings and delegations under the Settings button

  • Can see, search for, and manage all Sponsored Accounts

  • Can edit, export, and print existing profiles and add a new person

  • Can reset verification methods if the user's delegation permits

  • Can view and edit Sponsorship Attributes through the module settings

Portal Sponsorship Helpdesk

  • Can search for and see all Sponsored Accounts, but can perform only the management actions that are granted to them

  • Can edit, export, and print existing profiles and add a new person

  • Can reset verification methods if the user's delegation permits

Portal Sponsorship Sponsor

Enables access to the Sponsored Accounts delegation in the People module. Allows users to create, delete, and manage their own Sponsored Accounts.

Reports

Portal Reporting Admin

  • Can see all Reports module information

  • Can create and run reports, along with the ability to export, import, and modify reports

Portal Reporting Manager

  • Can create and manage saved Reports module reports

  • Can import Community reports

  • Can run reports

Portal Reporting Viewer

Can only view and run saved Reports module reports

Requests

Portal Workflow Admin

  • Can access Categories settings and Data Classifications attributes options under the Settings button

  • Can create, delete, and manage Workflows and Entitlements

  • Displays Tasks and Activity sections

Portal Workflow Help Desk

  • Displays Tasks and Activity delegations in the Requests module that list entitlements that need to be Certified/Extended/Approved

Roles

Portal Roles Admin

  • Can see all Roles module information

  • Can do all things related to Roles, if the Role actions are set up by the system administrator

Note

The System Admin and Tenant Admin roles have these privileges as well.

Portal Roles Manager

Enables the "My Roles" tab. Allows roles to be added. Permits management of roles for which the user is an owner or membership manager:

  • Can view, export, and print roles

  • Can search roles

Portal Roles Helpdesk

  • Enables "Other Roles", which allows management within the Static and Dynamic tabs of any group

  • Can create, delete, edit, clone, and sync roles, if these Role actions are set up by the system administrator

  • Can search roles

Portal Roles Viewer

  • Can search and retrieve all roles by Name

  • Can see current role membership and view role details

Studio

Studio Admin

  • Can perform all tasks within the Studio module

Studio Operator

  • Can view all applications, their status, and Data Explorer. Can also run Studio Jobs

Studio Auditor

  • Can view all applications, their status, and Data Explorer

System

System Admin

  • Can access and configure modules

  • Can edit high level policies for other modules

  • Enables access to the Configuration module which includes General, Policies, Security, and Systems

  • Provides Helpdesk role for RapidIdentity Portal

API Developer

  • Allows access to the embedded RapidIdentity API documentation. See RapidIdentity Developer Guides.

  • Allows the user to locate an API endpoint that could be called from a custom UI, a Connect Action Set, or wherever web services requests can be generated

since version 2019.8.13

Authentication API Consumer

  • Can use the new Common Authentication API

    • Used to request the identity of the user by the selected authentication method and receive their idautoID in response

See RapidIdentity Authentication API Guides for more information.

since version 2019.8.13

Tenant Admin

  • System role that enables configuration of an IDaaS tenant instance

  • Can enable and disable an Identity Automation employee (e.g., Support Engineer) to log in to the IDaaS environment as a system administrator

Note

This configuration is a special use case. See Tenant (Tenant Login) for more details.

since version 2019.8.13